add rsa key import methods to handle pem and der encoding directly #252
Conversation
examples/keygen/keyimport.c
Outdated
| @@ -33,16 +33,47 @@ | |||
|
|
|||
| #ifndef WOLFTPM2_NO_WRAPPER | |||
|
|
|||
| static const char* kRsaKeyPrivPem = | |||
There was a problem hiding this comment.
Please add a comment about where this RSA private key came from. Like ./certs/server-key.pem?
There was a problem hiding this comment.
I moved it to a file instead, I was just copying the way the der key was included raw
examples/keygen/keyimport.c
Outdated
| @@ -55,6 +86,8 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[]) | |||
| TPM_ALG_ID paramEncAlg = TPM_ALG_NULL; | |||
| WOLFTPM2_SESSION tpmSession; | |||
| const char* outputFile = "keyblob.bin"; | |||
| uint8_t derEncode = 0; | |||
There was a problem hiding this comment.
I like stdint.h types, but please use byte. Thanks
There was a problem hiding this comment.
so is it only wolfBoot that uses uint types?
examples/keygen/keyimport.c
Outdated
| } | ||
| else if (pemEncode == 1) { | ||
| rc = wolfTPM2_RsaPrivateKeyImportPem(&dev, &storage, &impKey, | ||
| kRsaKeyPrivPem, strlen(kRsaKeyPrivPem), NULL, |
There was a problem hiding this comment.
Please use (word32)XSTRLEN(kRsaKeyPrivPem).
src/tpm2_wrap.c
Outdated
| word32 pSz = sizeof(p); | ||
| word32 qSz = sizeof(q); | ||
|
|
||
| if (dev && parentKey && keyBlob && input && inSz != 0) |
There was a problem hiding this comment.
Confusing logic. Would prefer init rc = 0 and set rc = BAD_FUNC_ARG; on failure.
There was a problem hiding this comment.
saw it in some wolfssl function and thought it was concise, if it's not preferred I'll change it
src/tpm2_wrap.c
Outdated
| byte d[RSA_MAX_SIZE / 8]; | ||
| byte p[RSA_MAX_SIZE / 8]; | ||
| byte q[RSA_MAX_SIZE / 8]; | ||
| word32 eSz = sizeof(e); |
There was a problem hiding this comment.
Must cast these: word32 eSz = (word32)sizeof(e);
src/tpm2_wrap.c
Outdated
| /* der size is base 64 decode length */ | ||
| derSz = inSz * 3 / 4 + 1; | ||
|
|
||
| derBuf = XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
There was a problem hiding this comment.
I need to remember that, you've corrected me on it before but I keep doing it
src/tpm2_wrap.c
Outdated
| if (rc == 0) | ||
| rc = wc_KeyPemToDer((byte*)input, inSz, derBuf, derSz, pass); | ||
|
|
||
| /* returns the number of bytes*/ |
There was a problem hiding this comment.
Nit: space between bytes*/
src/tpm2_wrap.c
Outdated
| rc = wc_KeyPemToDer((byte*)input, inSz, derBuf, derSz, pass); | ||
|
|
||
| /* returns the number of bytes*/ | ||
| if (rc > 0) |
There was a problem hiding this comment.
can you have a der key with 0 byte length?I thought that would return bad arg error, I looked at the underlying function PemToDer and if it doesn't find an asn header it returns ASN_NO_PEM_HEADER which is less than 0
examples/keygen/keyimport.c
Outdated
| @@ -77,6 +110,15 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[]) | |||
| else if (XSTRCMP(argv[argc-1], "-xor") == 0) { | |||
| paramEncAlg = TPM_ALG_XOR; | |||
| } | |||
| else if (XSTRCMP(argv[argc-1], "-pem") == 0) { | |||
There was a problem hiding this comment.
-pem is in here twice. Looks like copy/paste issue. This one should be deleted.
examples/keygen/keyimport.c
Outdated
| byte derEncode = 0; | ||
| byte pemEncode = 0; | ||
| FILE* pemFile = NULL; | ||
| char pemBuf[2048]; |
There was a problem hiding this comment.
Just use WOLFTPM2_MAX_BUFFER
examples/keygen/keyimport.c
Outdated
| rc = wolfTPM2_RsaPrivateKeyImportPem(&dev, &storage, &impKey, | ||
| kRsaKeyPrivPem, strlen(kRsaKeyPrivPem), NULL, | ||
| TPM_ALG_NULL, TPM_ALG_NULL); | ||
| pemFile = fopen("./certs/example-rsa-key.pem", "r"); |
There was a problem hiding this comment.
Add support to take the key filename as argument. Default to this example.
examples/keygen/keyimport.c
Outdated
| TPM_ALG_NULL, TPM_ALG_NULL); | ||
| pemFile = fopen("./certs/example-rsa-key.pem", "r"); | ||
|
|
||
| rc = fread(pemBuf, 1, 2048, pemFile); |
There was a problem hiding this comment.
Please use XFREAD and use sizeof(pemBuf)
examples/keygen/keyimport.c
Outdated
| pemBuf, rc, NULL, TPM_ALG_NULL, TPM_ALG_NULL); | ||
| } | ||
|
|
||
| fclose(pemFile); |
src/tpm2_wrap.c
Outdated
| if (derBuf == NULL) | ||
| return MEMORY_E; | ||
|
|
||
| if (rc == 0) |
There was a problem hiding this comment.
This rc == 0 is not needed. Remove please
certs/include.am
Outdated
| @@ -7,4 +7,5 @@ EXTRA_DIST += \ | |||
| certs/ca-rsa.cnf \ | |||
| certs/ca-ecc.cnf \ | |||
| certs/wolf-ca-ecc-cert.pem \ | |||
| certs/wolf-ca-rsa-cert.pem | |||
| certs/wolf-ca-rsa-cert.pem \ | |||
There was a problem hiding this comment.
Nit: Indentation is off here.
examples/keygen/keyimport.c
Outdated
| printf("* -ecc: Use RSA or ECC for keys\n"); | ||
| printf("* -aes/xor: Use Parameter Encryption\n"); | ||
| printf("* -pem/der: Key encoding type, none for binary\n"); |
There was a problem hiding this comment.
NIT: I'd prefer -pem= support where the =name is optional.
examples/keygen/keyimport.c
Outdated
| byte pemEncode = 0; | ||
| FILE* pemFile = NULL; | ||
| char pemBuf[WOLFTPM2_MAX_BUFFER]; | ||
| char pemName[WOLFTPM2_MAX_BUFFER]; |
There was a problem hiding this comment.
This is too long for filename and it should just be a char* with default that can be changed.
const char* pemName = "./certs/example-rsa-key.pem";
/* then later just set this to the argv */
pemName = (const char*)argv[i + 1];`
examples/keygen/keyimport.c
Outdated
| printf("Failed to read pem file %s\n", pemName); | ||
|
|
||
| if (rc == 0) | ||
| rc = XFREAD(pemBuf, 1, sizeof(pemBuf), pemFile); |
There was a problem hiding this comment.
Add explicit cast to int:
examples/keygen/keyimport.c:167:22: error: implicit conversion loses integer precision: 'unsigned long' to 'int' [-Werror,-Wshorten-64-to-32]
rc = XFREAD(pemBuf, 1, sizeof(pemBuf), pemFile);
~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There was a problem hiding this comment.
how do I test this, I need to set CC to clang?
examples/keygen/keyimport.c
Outdated
| printf("Warning: No pem file specified, using default: %s\n", pemName); | ||
| } | ||
| else { | ||
| XMEMCPY(pemName, argv[i + 1], XSTRLEN(argv[i + 1]) + 1); |
There was a problem hiding this comment.
Please print the name of the file used in the console output.
src/tpm2_wrap.c
Outdated
| derSz = inSz * 3 / 4 + 1; | ||
|
|
||
| derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); | ||
|
|
There was a problem hiding this comment.
Remove the extra line here.
src/tpm2_wrap.c
Outdated
| word32 pSz = (word32)sizeof(p); | ||
| word32 qSz = (word32)sizeof(q); | ||
|
|
||
| wc_InitRsaKey(key, NULL); |
There was a problem hiding this comment.
Please check the return code here. Only call free if rc == 0.
ZD 14996